Privacy notices
The University is transparent about how it uses personal data
Data Protection Complaints Procedure
Introduction
Aston University is committed to handling personal information responsibly and in line with data protection law, of which we are guided by the Information Commissioner’s Office (ICO). If you have concerns about how your personal data has been managed, you can raise a data protection complaint - you do not need to use legal terminology in doing so. Any concern linked to the way we have processed your personal data will be treated as a complaint. Organisations are required to have a clear process for receiving and responding to these concerns. This page explains how Aston University meets that requirement.
When You May Wish to Contact Us
People contact us for a variety of reasons. You may feel that your subject access request or another rights request was not handled correctly, or after noticing an inaccuracy or after being affected by a personal data breach. You might have questions about how your data has been collected, used, stored, or retained. If your concern relates to our use of your personal information, we will consider it carefully.
How to Raise a Data Protection Complaint
We want to make it easy for you to contact us. The ICO expects organisations to offer accessible ways to raise concerns and to recognise complaints however they are submitted.
You can contact us by:
- telephone
- post
- online forms available on our website
- live chat, with the option to speak to a member of staff
- speaking to us in person
If you raise a concern with any member of staff, they will pass it on to our Data Protection Team promptly.
Our Approach
Acknowledgement
We will acknowledge your complaint within 30 days, in line with ICO guidance. Our acknowledgement will confirm that we have received your complaint, identify who will be handling it, and explain the next steps.
Investigation
After acknowledging your complaint, we will look into the issues you have raised. Some methods may include reviewing records or systems, or speaking to colleagues involved in the relevant activity – our aim is to gather further information that will help us reach a clear understanding of the matter. You will receive updates of the investigation at suitable points, so that you remain informed. We ensure that our approach meets the ICO’s expectation for justification regarding how we have handled a complaint.
Outcome
When our investigation is complete, we will provide you with the outcome without undue delay. ICO draft guidance suggests that organisations should usually be able to respond within around three months, unless the case is particularly complex. Our response will explain what we reviewed, the conclusion reached, and any steps taken as a result.
Learning and Improvement
We keep a record of all data protection complaints so that we can learn from them. This is encouraged by the ICO as part of good organisational practice. After each case, we consider whether improvements to processes, staff training or system arrangements would be helpful.
If You Wish to Take the Matter Further
If you remain dissatisfied after our response, you may contact the ICO. Further guidance on how concerns can be escalated is available on their website.
The University uses the following privacy notices:
- Student and Prospective Student
-
Document
- Cookie Policy
-
Please read the Aston University cookie policy.
- Alumni
-
Document
- Working at Aston
-
Document
- Research Participants (non-medical)
-
Document
- Research Participants (medical - HRA)
-
Document
- Research Participants (Medical - non-HRA
-
Document
- Patient Clinics
-
Document
- University Facilities
-
Document
- University Law Clinics
-
Document
- Marketing
- Conference Aston
-
Document
- Members of Council
-
Document
- Media, Short Courses and Events
-
Document
If you have any questions about the University’s privacy notices or how the University processes personal data, please contact the University’s data protection officer.